A new attack technique can circumvent web application firewalls (WAFs) from several vendors, giving attackers a way into the systems behind them and access to sensitive business and customer information.
A web application firewall is an important line of defense: it filters, monitors, and blocks HTTP(S) traffic to and from web applications, protecting against attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection.
The bypass works by prepending JSON syntax to SQL injection payloads that the WAF cannot parse. "Most WAFs can easily detect SQLi attacks, but prepending JSON to the SQL syntax makes the WAF blind to these attacks," the Claroty researchers said.
The industrial and IoT cybersecurity company says the technique worked against WAFs from vendors including Amazon Web Services (AWS), Cloudflare, F5, Imperva, and Palo Alto Networks. All of these vendors have since released updates that add JSON syntax support to their SQL injection inspection.
Because WAFs act as a security guardrail against malicious external HTTP(S) traffic, an attacker who is able to get past them gains initial access to the target environment and a foothold for further exploitation.
The bypass mechanism devised by Claroty's researchers relies on the WAFs' lack of JSON support: it crafts SQL injection payloads that include JSON syntax, which the back-end database understands but the WAF's inspection engine cannot parse, so the payload evades protections.
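To make the mechanism concrete, here is an added example, written for this page and not taken from Claroty's tooling or from any vendor's rule set. A toy signature-based WAF in Python uses constructed rules that catch classic tautologies such as `' OR 1=1` but not the same tautology expressed with JSON functions or operators; a deliberately injectable query against an in-memory SQLite table then shows that the database still honours the JSON form. The rule patterns, sample table, and payloads are assumptions for illustration only.

```python
import re
import sqlite3

# Constructed signatures of the kind a naive pattern-matching WAF might use.
# They are written for this example and are not any vendor's actual rules.
NAIVE_SQLI_RULES = [
    re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),     # ' OR 1=1
    re.compile(r"'\s*or\s*'[^']*'\s*=\s*'[^']*'", re.I),   # ' OR 'a'='a
    re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),  # UNION SELECT
    re.compile(r"\bor\s+true\b", re.I),                    # OR TRUE
]

# JSON-aware additions (also constructed): the JSON functions and operators
# the bypass leans on. A production engine parses SQL rather than grepping it.
JSON_SQLI_RULES = [
    re.compile(r"\bjson_\w*\s*\(", re.I),  # json_valid(, json_extract(, JSON_VALUE( ...
    re.compile(r"::\s*jsonb?\b", re.I),    # PostgreSQL ::json / ::jsonb casts
    re.compile(r"@>|<@|->>?"),             # PostgreSQL / MySQL JSON operators
]


def _blocked(payload: str, rules) -> bool:
    return any(rule.search(payload) for rule in rules)


def naive_waf_blocks(payload: str) -> bool:
    """Verdict of the signature set that knows only classic SQLi shapes."""
    return _blocked(payload, NAIVE_SQLI_RULES)


def json_aware_waf_blocks(payload: str) -> bool:
    """Verdict once the JSON-syntax rules are added to the same set."""
    return _blocked(payload, NAIVE_SQLI_RULES + JSON_SQLI_RULES)


def rows_leaked_by(payload: str):
    """Feed the payload to a deliberately injectable query on an in-memory
    SQLite database (constructed sample data) and return how many rows the
    attacker gets back. Returns None when this SQLite build cannot evaluate
    the payload (no JSON functions, or a dialect-specific syntax it lacks)."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
        con.executemany(
            "INSERT INTO users VALUES (?, ?, ?)",
            [(1, "alice", "s1"), (2, "bob", "s2"), (3, "carol", "s3")],
        )
        # String concatenation is the vulnerability; never do this in real code.
        query = f"SELECT name, secret FROM users WHERE name = '{payload}'"
        return len(con.execute(query).fetchall())
    except sqlite3.OperationalError:
        return None
    finally:
        con.close()


# Three tautology payloads. The JSON ones evaluate true in the database
# engine but contain none of the tokens the naive rules look for.
CLASSIC = "' OR 1=1 --"
JSON_FUNC = "' OR json_valid('{}') --"                   # SQLite / MySQL-style function call
JSON_PG = "' OR '{\"a\":1}'::jsonb @> '{\"a\":1}' --"   # PostgreSQL operator form


if __name__ == "__main__":
    for label, p in [("classic", CLASSIC), ("json function", JSON_FUNC), ("json operator", JSON_PG)]:
        print(f"{label:14} naive_blocks={naive_waf_blocks(p)!s:5} "
              f"json_aware_blocks={json_aware_waf_blocks(p)!s:5} "
              f"rows_from_sqlite={rows_leaked_by(p)}")
```

Run it and the classic payload is stopped by both rule sets, while the two JSON payloads sail past the naive rules yet still return every row (the PostgreSQL form only evaluates on a PostgreSQL back end, so SQLite reports None for it). The `->` pattern will also fire on harmless text, which is why a keyword list is only a stopgap: the durable fix is for the inspection engine to understand JSON syntax as part of the SQL grammar it already parses.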
"Attackers using this new technique can gain access to back-end databases and use additional vulnerabilities and exploits to exfiltrate information through direct server access or via the cloud," Moshe explained. "This is a dangerous bypass, especially as more organizations continue to move more businesses and functions to the cloud."